holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Avoid recent problems by not padding $target in process_tc_rule()

Browse Source
This commit is contained in:
Tom Eastep 2010-09-11 11:03:28 -07:00
parent d9ced1051a
commit e93a7fe9df
1 changed files with 6 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
Shorewall/Perl/Shorewall/Tc.pm
View File

@ -278,7 +278,7 @@ sub process_tc_rule( ) {
require_capability ('CONNMARK' , "SAVE/RESTORE Rules", '' ) if $tccmd->{connmark}; require_capability ('CONNMARK' , "SAVE/RESTORE Rules", '' ) if $tccmd->{connmark};
$target = "$tccmd->{target} "; $target = $tccmd->{target};
my $marktype = $tccmd->{mark}; my $marktype = $tccmd->{mark};
if ( $marktype == NOMARK ) { if ( $marktype == NOMARK ) {
@ -287,21 +287,17 @@ sub process_tc_rule( ) {
$mark =~ s/^[|&]//; $mark =~ s/^[|&]//;
} }
if ( $target eq 'sticky ' ) { if ( $target eq 'sticky' ) {
if ( $chain eq 'tcout' ) { if ( $chain eq 'tcout' ) {
$target = 'sticko'; $target = 'sticko';
} else { } else {
fatal_error "SAME rules are only allowed in the PREROUTING and OUTPUT chains" if $chain ne 'tcpre'; fatal_error "SAME rules are only allowed in the PREROUTING and OUTPUT chains" if $chain ne 'tcpre';
} }
my $chain1 = $target; ensure_mangle_chain($target);
$chain1 =~ s/ +$//;
ensure_mangle_chain($chain1);
$sticky++; $sticky++;
} elsif ( $target eq 'IPMARK ' ) { } elsif ( $target eq 'IPMARK' ) {
my ( $srcdst, $mask1, $mask2, $shift ) = ('src', 255, 0, 0 ); my ( $srcdst, $mask1, $mask2, $shift ) = ('src', 255, 0, 0 );
require_capability 'IPMARK_TARGET', 'IPMARK', 's'; require_capability 'IPMARK_TARGET', 'IPMARK', 's';
@ -338,7 +334,7 @@ sub process_tc_rule( ) {
} }
$target = "IPMARK --addr $srcdst --and-mask $mask1 --or-mask $mask2 --shift $shift"; $target = "IPMARK --addr $srcdst --and-mask $mask1 --or-mask $mask2 --shift $shift";
} elsif ( $target eq 'TPROXY ' ) { } elsif ( $target eq 'TPROXY' ) {
require_capability( 'TPROXY_TARGET', 'Use of TPROXY', 's'); require_capability( 'TPROXY_TARGET', 'Use of TPROXY', 's');
fatal_error "Invalid TPROXY specification( $cmd/$rest )" if $rest; fatal_error "Invalid TPROXY specification( $cmd/$rest )" if $rest;
@ -404,8 +400,6 @@ sub process_tc_rule( ) {
} }
} }
$target =~ s/ +$// if $mark eq '';
if ( ( my $result = expand_rule( ensure_chain( 'mangle' , $chain ) , if ( ( my $result = expand_rule( ensure_chain( 'mangle' , $chain ) ,
$restrictions{$chain} , $restrictions{$chain} ,
do_proto( $proto, $ports, $sports) . do_proto( $proto, $ports, $sports) .
@ -1527,7 +1521,7 @@ sub setup_tc() {
mark => HIGHMARK , mark => HIGHMARK ,
mask => '' } , mask => '' } ,
{ match => sub ( $ ) { $_[0] =~ '&.*' }, { match => sub ( $ ) { $_[0] =~ '&.*' },
target => 'MARK --and-mark ' , target => 'MARK --and-mark' ,
mark => HIGHMARK , mark => HIGHMARK ,
mask => '' , mask => '' ,
connmark => 0 connmark => 0